Description
Security update for compat-openssl097g
This update for compat-openssl097g fixes the following issues:
Security issue fixed:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure, OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines, so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812)
Non-security issue fixed:
- Prevent segfault in s_client with invalid options (bsc#952099)
Package list
SUSE Linux Enterprise Desktop 11 SP3
compat-openssl097g-0.9.7g-146.22.36.1
compat-openssl097g-32bit-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11 SP4
compat-openssl097g-0.9.7g-146.22.36.1
compat-openssl097g-32bit-0.9.7g-146.22.36.1
SUSE Linux Enterprise Server for SAP Applications 11 SP2
compat-openssl097g-0.9.7g-146.22.36.1
compat-openssl097g-32bit-0.9.7g-146.22.36.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
compat-openssl097g-0.9.7g-146.22.36.1
compat-openssl097g-32bit-0.9.7g-146.22.36.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
compat-openssl097g-0.9.7g-146.22.36.1
compat-openssl097g-32bit-0.9.7g-146.22.36.1
References
- Link for SUSE-SU-2015:2251-1
- E-Mail link for SUSE-SU-2015:2251-1
- SUSE Security Ratings
- SUSE Bug 952099
- SUSE Bug 957812
- SUSE CVE CVE-2015-3195 page
Description
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11 SP4:compat-openssl097g-0.9.7g-146.22.36.1
SUSE Linux Enterprise Desktop 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.36.1
References
- CVE-2015-3195
- SUSE Bug 923755
- SUSE Bug 957812
- SUSE Bug 957815
- SUSE Bug 958768
- SUSE Bug 963977
- SUSE Bug 986238